228fc28bc0da6251242486e5bdf29b8dd9383447e53c87c64331b83582913d23

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 02:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a0d35e7c8e6011c44713fda8d818d8b6_JaffaCakes118.html
Size

126KB
MD5

a0d35e7c8e6011c44713fda8d818d8b6
SHA1

f290a47b337f02e055707daed1999d115028dadc
SHA256

228fc28bc0da6251242486e5bdf29b8dd9383447e53c87c64331b83582913d23
SHA512

f25a55932837271d1fb873fac1be38448a0c5c19fa82ed855fa2c2a5ec80c3a8b2623e242161d5e29aea05c04a7ff2e7451270297c4411302703dbb72954c87f
SSDEEP

3072:c4qM9kI9HgKQq3Gg9Ly1BEp99Y9GPBP4ly1PdecpQGemu8HRIsurT:CwHgbg9Ly1BEp99Y9Ff

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2076	msedge.exe
2076	msedge.exe
2316	msedge.exe
2316	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 4848	2316	msedge.exe	86
PID 2316 wrote to memory of 4848	2316	msedge.exe	86
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 5076	2316	msedge.exe	87
PID 2316 wrote to memory of 2076	2316	msedge.exe	88
PID 2316 wrote to memory of 2076	2316	msedge.exe	88
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89
PID 2316 wrote to memory of 3440	2316	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a0d35e7c8e6011c44713fda8d818d8b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5fbc46f8,0x7ffe5fbc4708,0x7ffe5fbc4718
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1412 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,5771722073580892254,4697757228527203103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
de64a4387ef35f64fc048467222951b0

SHA1
3d5d03dad826ca49aa95c973a8ee30f3e67fea23

SHA256
e736c336ba768b102adc528168ee16e59d0b42498b3c003ed14da892d51975c7

SHA512
1d0770e411ae9e0f39017e4d7b9ab3816994536aa70d284112a0de5b77b4b0b38aa3b3daa95a91322967c1b3d58c49521ece39e1c456a7f7673a09aa64123bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a368ecf0efe56ef168f47ef2952f730b

SHA1
aa53e3e166e0cb2db32028ebfa9b40aef1b91e4a

SHA256
0d53973956b8948697fa4ea8996ee2eefd72b58ba7569a55163d882b49ae72a1

SHA512
4a403409057023ba60d273cd244c6bfdc74a615febbbaec798b575aa588e3e532a16e4c38f4113ceea0c6b2039b633f57feffbdcfad88760a75bffc3d9f00c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b991d154349d29d988705a35d38b2a55

SHA1
756f076d42096a2d92a4783c0d806ebc1af67527

SHA256
9037e1d62ea496689ec82cfc680f5645e54a62699ab5ebeb0c48c1308c6ee388

SHA512
d15ec6f0e1e3b0dc31c4c256fdaa0f240e1341957b3ea099c2a7cc008b9a75c61891c13363d7d2bbc56a839feb1aa6717a25f8faacaf3a12e043c237fc2e9d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d06d56e6a0b52fed45b906e742fd54b

SHA1
dcc60480faa7e4cd4f1d43f92423df50a9e19114

SHA256
19e840ac304c8fd09fbd2ce95e9393949f8f173f9b51c9173bb81f6a25444ff0

SHA512
0888d3761fcd1c05d65268544fb6e867795e666b69de555fa61b4791570834c3fddfe033f8344c902a36fdeb3e98eb3261e069f3800f91344aaeb02d71c47cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4b229c45bc73c6639713eb26ed0c1ed

SHA1
35547ad9474d20ae8d17b981b36597417fb4c7d4

SHA256
8a0fecf750b6828a447b80da483ba6a6d52791c155d4371a0f37ce09a1740818

SHA512
05f33075ee260b6c215556da2a315272b1dc16badafbb5a5b76811c58fc30c8f7faffcd7f42c72cdb93f0bcd419666c4cd03d1f14a6d7a85e2f940a943761e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5fbd38b3002ab3d1fea0e2a071a831f4

SHA1
ffc6b9030830a35ff567611e862bb9230ee31d8c

SHA256
4de8a720257e65684ac1f4d561841177269bb68b68da9cc3d1672d0f5d884cc0

SHA512
d9faa21fb960d3286230c51c9c08546742f4cea84096bac77af7fa18726d2974bd2d8dbe055ee0a7578b119658f9905d360f564165d7e3456e26c0bb87ee2d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9fd64b9e9f80ae267133ba16e7b22577

SHA1
d1ec7dd3424b16cad2ae5438ae74189918070772

SHA256
d4b3f6b25cbb366c926df490567dbca57db2f314c6a44c1bfa147ee0b07382ef

SHA512
541e1dec807859e324811a8cca39ea0ab3651c81278db157bc2bb4c83906cb576937073b4c77469b96697f8b08745ae757a243a46efe6bd79c3ff6dc214ad7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
4ede0fa21ef7e42d7cb1c5e90fe88a1f

SHA1
b584f490c18a48d341342c1a15ca31d6a5339dfb

SHA256
c82548b463ecb0ad08bd29e056a01e90284f7784cbcb99a5d90bd00fca02d2cc

SHA512
9a953593d08398db1cc9022eb4e420be173893cda5b24a0f2bc204140212793478bde23ac4b093a7163ea49b83286c42488b59741996c5abfcea2102840d220a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5855cc.TMP

Filesize
371B

MD5
7b94b4cc2155ef54277762eb28c87684

SHA1
8d8528793a0264b1d67eae17f8592d19c176ac14

SHA256
a5625afe6640f92b8fdc04092e028f9b337540fd753c743f7eeb027f6e6741f2

SHA512
273d43fcb01b380508afb11a5bbeb1c0289cad2b6c5b33640ce425a090c158d90533049bb05d1dbeb40e3b279f3a4320e13812f7b8b2c3609e74a2b5aa43237b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0427b88a7fd9fbc4b73d229a25949e3e

SHA1
e632e215d72eb647a2e6850f04d1edf3d83d7c05

SHA256
77b6384e8b7f04ccee5d17de5572fb9d21f69f9b79dadcd0e957df419387bf77

SHA512
e907b7ea56f16a6d532d6a0104ab993716c9ad63234003d2b8a33b76d32ad9f17cec94545a8c8d5bf86bcb5736ca09bb7d4e3fc42a3962fba304e799a71d92f2

Download Submit